Techbliss (Owner, Admin, IDA Pro Expert, Developer)

Labeless is a plugin system for dynamic, seamless and real-time synchronization between an IDA database and Olly. It consists of two parts: an IDA plugin and an OllyDbg plugin.
Labeless significantly reduces the time a researcher spends transferring already reversed/documented code information from IDA (static) to the debugger (dynamic). It saves time by preventing you from doing the same job twice. Also, you can document and add data to the IDB on the fly, and your changes will be automatically propagated to Olly, even if you restart the virtual machine or the Olly instance crashes. So, you will never lose your research.
This solution is highly upgradable. You can implement any helper scripts in Python on the OllyDbg side and then just call them from IDA with one line of code, parsing the results and automatically propagating changes to the IDB.
It features:

We also provide dynamic dumping of the debugged process's memory regions. It can be useful in the following cases:

When the debugged process has an extracted/temporary/injected module which doesn't appear in the modules list

When it doesn't have a valid PE header

When it has a corrupted import table, etc.
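One way to triage a dumped region against the cases listed above (no valid PE header, corrupted import table), as an added example that is not Labeless code. The names `pe_header_status` and `sample_region` are hypothetical, and the sample header bytes are constructed for the demonstration.

```python
import struct

def pe_header_status(region: bytes) -> str:
    """Classify a dumped memory region by the state of its PE headers."""
    if len(region) < 0x40 or region[:2] != b"MZ":
        return "no-dos-header"
    (e_lfanew,) = struct.unpack_from("<I", region, 0x3C)
    opt = e_lfanew + 24  # PE signature (4) + IMAGE_FILE_HEADER (20)
    if opt + 2 > len(region):
        return "bad-e_lfanew"
    if region[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no-pe-signature"
    # NumberOfSections and SizeOfOptionalHeader from IMAGE_FILE_HEADER
    nsections, opt_size = struct.unpack_from("<2xH12xH", region, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", region, opt)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # data directory offset: PE32 / PE32+
    if dirs is None or nsections == 0:
        return "bad-optional-header"
    if opt_size < dirs + 16 or opt + dirs + 16 > len(region):
        return "truncated-headers"
    (size_of_image,) = struct.unpack_from("<I", region, opt + 56)
    (ndirs,) = struct.unpack_from("<I", region, opt + dirs - 4)
    # Import directory is data directory index 1 (8 bytes per entry)
    imp_rva, imp_size = struct.unpack_from("<II", region, opt + dirs + 8)
    if ndirs < 2 or imp_rva == 0 or imp_size == 0:
        return "no-import-directory"
    if imp_rva + imp_size > size_of_image:
        return "import-directory-out-of-range"
    return "ok"

def sample_region(imp_rva=0x2000, imp_size=0x28, wipe_headers=False) -> bytes:
    """Constructed PE32 header page (not taken from any real binary)."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                        # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", buf, 0x84, 0x14C, 2, 0xE0, 0x102)  # file header
    opt = 0x98
    struct.pack_into("<H", buf, opt, 0x10B)                        # PE32 magic
    struct.pack_into("<I", buf, opt + 56, 0x5000)                  # SizeOfImage
    struct.pack_into("<I", buf, opt + 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 104, imp_rva, imp_size)     # import directory
    if wipe_headers:  # simulate a region whose headers were erased after unpacking
        buf[0:0x100] = bytes(0x100)
    return bytes(buf)

if __name__ == "__main__":
    for label, data in [("intact", sample_region()), ("wiped", sample_region(wipe_headers=True)),
                        ("bad imports", sample_region(imp_rva=0x9000))]:
        print(label, "->", pe_header_status(data))
```

Any status other than "ok" marks a region where header-based import recovery has nothing reliable to work from, which is the situation the dynamic dumping described here is meant for.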

We can take that memory region and put it in the IDB, fixing imports 'on-the-fly', using OllyDbg functionality. There is no more need for ImpRec or BinScylla, or for searching for the regions in memory that contain the real IAT, because we get that information dynamically from the debugged process itself.
As a result we have a lot of memory regions that may even represent different modules (if the unpacking process is multistage) with valid references between them, which gives us the possibility to build a full control flow graph of the executable. Basically, we will end up with one big IDB, containing all the info on the specific case.

Installation

Copy both Olly\get-pip.py and Olly\setup_protobuf.bat files to the guest machine, then run setup_protobuf.bat and wait for the installation to finish successfully

Copy Olly\Plugins\labeless_olly.dll to the OllyDbg plugins directory. If you want to use Labeless with the Olly FOFF mod (aka DeFixed edition), please use the plugin from the following path: Olly\Plugins\labeless_olly_foff.dll

Copy the whole directory Olly\python to the OllyDbg home directory

Checking if everything works

Start Olly and check that the Labeless item is present in the Plugins menu. If there is any problem, check Olly's log window for details.

Start working with an existing IDA database or use 'Labeless -> Load stub database...' from the menu

Open the Labeless settings dialog using the menu 'Edit -> Plugins -> Labeless'. You can also use the main menu 'Labeless -> Settings...' or the hotkey Alt+Shift+E

If IDA displays the message 'Successfully connected!', then configuration is done correctly.

How to use

If you want to sync labels (names) from IDA to Olly, you should check 'Enable labels & comments sync' in the Labeless settings dialog in IDA. There is one required field called 'Remote module base', which should be set to the current module base of the analyzed application. You can find that information in the debugger (Olly).